Industrial Anomaly Detection begins by establishing transparency regarding the devices integrated into industrial networks (such as controllers and HMI devices) and the software installed on them. Having achieved that, the second step is to identify vulneabilities within devices on the network by matching assets with known vulnerabilities (Common Vulnerabilities and Exposures/CVEs) and identifying other “network hygiene” configuration issues that need to be closed. The third step is to continuously monitor the devices’ communication behavior. The system collects the data passively, so it does not have any effect on production. It supports the products of all the current automation manufacturers and their protocols. If the solution detects deviations that might indicate unauthorized intrusions or misconfigurations, it automatically sends an alarm to the users. Depending on the criticality, the incidents can be dealt with by on-site experts or external security specialists.
The anomaly detection system also uses artificial intelligence (AI), which configures the system by a process of self-learning: The solution automatically analyzes the data traffic in the network in a “learning phase”, so that it can then detect anomalies, which might indicate intrusion or data theft by hackers.
“Industrial Anomaly Detection” is an important complement to the range of industrial security products and services offered by Siemens, which is based on the holistic Defense-in-Depth concept.
Partnerships to heighten cybersecurity
the Munich Security Conference 2018, Siemens initiated the Charter of Trust for binding rules and standards to build trust in cybersecurity and further advance digitalization. To continuously innovate and adapt cybersecurity measures to new threats it’s important to combine domain know how. For this reason Siemens cooperates with numerous different partners and uses for “Industrial Anomaly Detection” technology from leading partners.
Siemens will present a solution for detecting anomalies in industrial networks at the Hannover Messe 2018. “Industrial Anomaly Detection” enables security-related incidents, such as unauthorized intrusions and malware, to be identified and countermeasures to be taken.